Network Scalability
Module 4
© 2014 VMware Inc. All rights reserved
VMware vSphere: Optimize and Scale 4-2
Importance
As you scale your VMware vSphere® environment, you must be
aware of the vSphere features and functions that help you manage
networking in your environment.
Module Lessons
Lesson 1: Introduction to vSphere Distributed Switch
Lesson 2: Distributed Switch Features
Lesson 1:
Introduction to vSphere Distributed Switch
Learner Objectives
By the end of this lesson, you should be able to meet the following
objectives:
List benefits of using vSphere distributed switches
Create a distributed switch
Manage the distributed switch
Describe the distributed switch architecture
Describe properties of a distributed switch
Distributed Switch
A distributed switch provides functionality that is similar to a
vSphere standard switch. But the distributed switch functions as a
single virtual switch across all associated hosts:
VMware® vCenter Server™ manages the configuration of the
distributed switch. The configuration is consistent across all hosts that
use the distributed switch.
A distributed switch can support up to 1000 hosts.
• Effectively the limit is 500, the maximum for a data center.
A distributed switch can support Gigabit Ethernet, 10 Gigabit Ethernet,
and 40 Gigabit Ethernet physical network interface cards.
The behavior of distributed switches is consistent with standard
switches:
You can configure virtual machine port groups and VMkernel ports.
Benefits of Distributed Switches
Benefits of distributed switches over standard switches:
Simplify data center administration
Enable networking statistics and policies to migrate with virtual
machines during a migration with VMware vSphere® vMotion®
Provide support for private VLANs
Provide for customization and third-party development
Distributed Switch Example
Example:
Create a distributed switch named vDS01. Create a port group named
Production, which is used for virtual machine networking. Assign
uplinks vmnic1 on host ESXi01 and vmnic1 on host ESXi02 to the
distributed switch.
(Figure: distributed switch vDS01 with the Production port group and the
DVUplinks port group; physical uplinks vmnic0, vmnic1 and vmnic2 on
ESXi01 and ESXi02, with vmnic1 on each host assigned to the distributed
switch.)
Viewing Distributed Switches
View distributed switches in the Networking inventory view.
Give port groups descriptive names. For example, change the name
dvPortGroup (default) to pg-Production.
Managing VMkernel Adapters
Click the VMkernel adapters link to add or manage an adapter.
Managing virtual adapters is performed at the host level.
(Screenshot: Networking configuration for esxi01.vclass.local.)
Managing Physical Adapters
Modify a physical adapter configuration at the host level.
Change teaming and failover policies at the switch level.
(Screenshot: Networking configuration for esxi01.vclass.local.)
Enabling IPv6 on the ESXi Host
Enable or disable IPv6 support for
this host. You must restart the
system for the change to take effect.
Connecting a Virtual Machine to a Distributed Port Group
Connect a virtual machine to a distributed port group by:
Modifying the NIC configuration in the virtual machine properties
Migrating virtual machines to a distributed switch
(Screenshots: 1. Actions menu for dvs-Lab. 2. Second page of the
Migrate Virtual Machine Networking wizard.)
Distributed Switch Architecture
(Figure: vCenter Server holds the distributed switch (control plane)
with its distributed ports and port groups and its uplink port groups.
Each host, host 1 and host 2, runs a hidden virtual switch (I/O plane)
that connects the management port, the vSphere vMotion port and the
virtual machine ports to the physical NICs (uplinks).)
Editing General Distributed Switch Properties
General properties include the distributed switch name, number of
uplink ports, optional uplink names, the number of ports, and others.
Distributed ports and port groups inherit property settings defined at
the distributed switch level.
Editing Advanced Distributed Switch Properties
The Properties page also has the following settings for Advanced
properties:
Maximum transmission unit (MTU)
Discovery protocol
Administrator contact information
Editing Distributed Port Group Properties
Most of the port group properties are available for both distributed
port groups and standard port groups.
A distributed port group has an additional load balancing policy option:
Route based on physical NIC load.
Distributed Switch Configuration: .dvsData Folder
When a virtual machine uses a distributed port, a hidden folder
named .dvsData is created on the datastore where the virtual
machine resides:
A subfolder exists named after the UUID of the distributed switch.
Each folder contains a file corresponding to a port ID used by a
virtual machine.
Standard Switch and Distributed Switch Feature Comparison
Feature                                 Standard switch   Distributed switch
Layer 2 switch                          Yes               Yes
VLAN segmentation                       Yes               Yes
IPv6 support                            Yes               Yes
802.1Q tagging                          Yes               Yes
NIC teaming                             Yes               Yes
Outbound traffic shaping                Yes               Yes
Inbound traffic shaping                 No                Yes
Configuration backup and restore        No                Yes
Private VLANs                           No                Yes
Link aggregation control protocol       No                Yes
Data center-level management            No                Yes
Network vSphere vMotion                 No                Yes
VMware vSphere® Network I/O Control     No                Yes
Per-port policy settings                No                Yes
Port state monitoring                   No                Yes
NetFlow                                 No                Yes
Port mirroring                          No                Yes
Lab 3: vSphere Distributed Switches
Create and configure a distributed switch
1. Prepare for the Lab
2. Power On a Virtual Machine and Test Network Connectivity
3. Create a Distributed Switch
4. Examine the Distributed Switch Configuration
5. Migrate the Virtual Machines to a Distributed Switch Port Group
6. Verify Network Connectivity
7. Complete the Network Migration
8. Clean Up for the Next Lab
Review of Learner Objectives
You should be able to meet the following objectives:
List benefits of using vSphere distributed switches
Create a distributed switch
Manage the distributed switch
Describe the distributed switch architecture
Describe properties of a distributed switch
Lesson 2:
Distributed Switch Features
Learner Objectives
By the end of this lesson, you should be able to meet the following
objectives:
Describe distributed switch port binding
Explain how private VLANs work
Describe types of discovery protocols
Describe how vSphere Network I/O Control and QoS tagging enhance
performance
Describe how Link Aggregation Control Protocol (LACP) enhances
availability and performance
Explain health check
Configure NetFlow on a distributed switch
Configure port mirroring on a distributed switch
Back up and restore a distributed switch configuration
Explain the automatic rollback and recovery of networking
configurations
Port Binding
Port binding is configured at the port group level.
Right-click a distributed port group and select Edit Settings.
Port binding determines when and how a virtual machine’s virtual
NIC is assigned to a virtual switch port.
Three port-binding options:
Static binding:
• Static binding is the default setting.
Dynamic binding:
• Dynamic binding is deprecated.
Ephemeral:
• No binding
Two port allocation options for static binding:
Elastic: When all ports are assigned, a new set of eight ports is
created.
Fixed: No additional ports are created when all ports are assigned.
Port-Binding Examples
Static port-binding example:
Three ports on the distributed port group.
These ports are assigned to the first three virtual machines that
connect.
These ports are permanently locked to the virtual machines.
The power state of the virtual machine does not matter.
If elastic port allocation is used, ports are added as needed.
Dynamic port-binding example:
Three ports.
Ports are assigned when the virtual machine is powered on.
Only three out of the four virtual machines are connected.
Ephemeral port-binding example:
As many ports as you need (limited only by the maximum for vSphere on
your hardware).
The power state of the virtual machines does not matter.
Ports are created as you connect.
VLAN Policies for Distributed Port Groups
VLANs divide a single broadcast domain
into several logical broadcast domains.
VLAN policies for distributed port groups:
None
VLAN
VLAN trunking
Private VLAN
Right-click a distributed port group name and select Edit Settings.
Private VLANs
A private VLAN is:
An extension to the VLAN standard
Further segmentation of a single VLAN into secondary private VLANs
A secondary private VLAN:
Exists only in the primary VLAN
Shares the same IP network address
Is identified on the physical and distributed switches by a unique
VLAN ID
Types of Secondary Private VLANs
Three types of secondary private VLANs:
Promiscuous
Isolated
Community
The type of secondary private VLAN determines packet forwarding
rules.
Primary Secondary Type
5 5 promiscuous
5 155 isolated
5 17 community
Promiscuous Private VLANs
A node attached to a port in a promiscuous secondary private VLAN can
send and receive packets to any node in any other secondary private
VLAN associated with the same primary.
Routers are typically attached to promiscuous ports.
(Figure: private VLAN map with primary 5; secondary 5 promiscuous, 155
isolated, 17 community; six virtual machines attached to ports in the
three secondary private VLANs.)
Isolated Private VLANs
A node attached to a port in an isolated secondary private VLAN can
send to and receive packets only from the promiscuous private VLAN.
Only one isolated secondary private VLAN is permitted per primary.
(Figure: private VLAN map with primary 5; secondary 5 promiscuous, 155
isolated, 17 community; six virtual machines attached to ports in the
three secondary private VLANs.)
Community Private VLANs
A node attached to a port in a community secondary private VLAN can
send to and receive packets from other ports in the same secondary
private VLAN as well as ports in the promiscuous private VLAN.
(Figure: private VLAN map with primary 5; secondary 5 promiscuous, 155
isolated, 17 community; six virtual machines attached to ports in the
three secondary private VLANs.)
Physical Switch Implementation of Private VLANs
Standard 802.1Q tagging
No double encapsulation
Physical switch software decides which ports to forward the frame to,
based on the tag and the private VLAN tables.
For private VLANs, the VLAN ID is the secondary ID.
Primary Secondary Type
5 5 promiscuous
5 155 isolated
5 17 community
(Figure: a distributed switch with ports in VLAN 5, private VLAN 5
(promiscuous), private VLAN 155 (isolated) and private VLAN 17
(community).)
Private VLANs and Physical Switches
Frames that travel are tagged with the secondary ID.
Each virtual machine can send to and receive from different
secondary private VLANs.
Examples: community and promiscuous
A physical switch can be confused by the fact that each MAC
address is visible in more than one VLAN tag
A physical switch must have a trunk port to the VMware® ESXi™
host and not be in a secondary private VLAN.
Most private VLAN problems are caused by physical switches that
are configured incorrectly.
Compare the private VLAN map in the physical switch to the private
VLAN configuration in the distributed switch.
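The forwarding rules of the three secondary private VLAN types, and the
"compare the private VLAN map" troubleshooting step above, as an added
example in Python (not course or VMware code). The map values are the
ones used on these slides; the physical-switch map in the test is
constructed to contain a deliberate mismatch.

```python
from dataclasses import dataclass
from enum import Enum

# Constructed model of private VLAN forwarding between secondary VLANs of one
# primary, plus a consistency check of the vDS map against the physical
# switch map. Added example code, not the distributed switch's implementation.


class PvlanType(Enum):
    PROMISCUOUS = "promiscuous"
    ISOLATED = "isolated"
    COMMUNITY = "community"


@dataclass(frozen=True)
class PvlanEntry:
    primary: int
    secondary: int
    kind: PvlanType


# The private VLAN map used on the slides: primary 5 with promiscuous 5,
# isolated 155 and community 17.
VDS_PVLAN_MAP = (
    PvlanEntry(5, 5, PvlanType.PROMISCUOUS),
    PvlanEntry(5, 155, PvlanType.ISOLATED),
    PvlanEntry(5, 17, PvlanType.COMMUNITY),
)


def validate_pvlan_map(pvlan_map):
    """Return a list of problems: the promiscuous secondary must equal its
    primary, and at most one isolated secondary is permitted per primary."""
    problems = []
    isolated_per_primary = {}
    for e in pvlan_map:
        if e.kind is PvlanType.PROMISCUOUS and e.secondary != e.primary:
            problems.append(f"promiscuous secondary {e.secondary} must equal primary {e.primary}")
        if e.kind is PvlanType.ISOLATED:
            isolated_per_primary.setdefault(e.primary, []).append(e.secondary)
    for primary, secondaries in isolated_per_primary.items():
        if len(secondaries) > 1:
            problems.append(f"primary {primary} has more than one isolated secondary: {secondaries}")
    return problems


def can_forward(pvlan_map, src_secondary, dst_secondary):
    """True if a frame from a port in src_secondary may be delivered to a port
    in dst_secondary, applying the slides' promiscuous/isolated/community rules."""
    by_secondary = {e.secondary: e for e in pvlan_map}
    src = by_secondary.get(src_secondary)
    dst = by_secondary.get(dst_secondary)
    if src is None or dst is None or src.primary != dst.primary:
        return False  # unknown secondary VLAN, or a different primary: never forwarded
    # A promiscuous port talks to every secondary VLAN of the same primary.
    if PvlanType.PROMISCUOUS in (src.kind, dst.kind):
        return True
    # Community ports talk to each other only within the same community VLAN.
    if src.kind is PvlanType.COMMUNITY and src.secondary == dst.secondary:
        return True
    # Isolated ports reach only the promiscuous VLAN, which was handled above;
    # two isolated ports never reach each other.
    return False


def compare_pvlan_maps(vds_map, physical_map):
    """Report entries that differ between the distributed switch map and the
    physical switch map, the comparison the slide recommends when private
    VLAN traffic does not flow as expected."""
    vds = {(e.primary, e.secondary): e.kind for e in vds_map}
    phys = {(e.primary, e.secondary): e.kind for e in physical_map}
    problems = []
    for primary, secondary in sorted(set(vds) | set(phys)):
        key = (primary, secondary)
        if key not in phys:
            problems.append(f"primary {primary} secondary {secondary}: missing on physical switch")
        elif key not in vds:
            problems.append(f"primary {primary} secondary {secondary}: missing on distributed switch")
        elif vds[key] != phys[key]:
            problems.append(f"primary {primary} secondary {secondary}: distributed switch says "
                            f"{vds[key].value}, physical switch says {phys[key].value}")
    return problems
```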
Private VLAN-Aware Physical Switch
A virtual machine in a promiscuous private VLAN sends an ARP request
for a virtual machine in an isolated private VLAN.
The target virtual machine is on a different ESXi host.
The physical switch is private VLAN-aware.
Switch ports that see the same MAC address through different VLAN
tags: private VLAN logic detects that the destination is isolated, so
it acts as if the tag were 155.
(Figure: the ARP request leaves the promiscuous virtual machine
untagged, crosses the distributed switch and the physical switch with
tag 5, and is delivered untagged to the isolated virtual machine. The
ARP reply returns with tag 155 and is delivered untagged. Private VLAN
map: primary 5; secondary 5 promiscuous, 155 isolated, 17 community.)
Configuring and Assigning Private VLANs
Configure: Select the distributed switch and select Private VLAN > Edit.
Assign: Right-click the distributed port group, select Edit Settings,
and select VLAN.
Discovery Protocols
Switch discovery protocols help network administrators determine
the capabilities of a network device.
vSphere supports two discovery protocols: Cisco Discovery Protocol
(CDP) and Link Layer Discovery Protocol (LLDP).
You can use CDP and LLDP to gather configuration and connection
information about the physical or virtual switch.
Such information might aid troubleshooting network problems.
                CDP                                    LLDP
Introduced      vSphere 4.0                            vSphere 5.0
Availability    Standard switch or distributed switch  Distributed switch only
Scope           Specific to Cisco                      Vendor-neutral protocol
Configuring CDP or LLDP
With CDP or LLDP enabled, the virtual switch can be configured for
three different modes of operation:
Listen: Information is received from the physical switches.
Advertise: Information is sent to the physical switches.
Both: Information is sent to and received from the physical switches.
Right-click a distributed switch and select Edit Settings.
Viewing CDP Information
To view the CDP information on
switches:
1. Select the host.
2. Click the Manage tab.
3. Click the Networking tab and
select Virtual switches.
(Screenshots: CDP information for a standard switch and for a
distributed switch.)
Viewing LLDP Information
(Screenshot: example of LLDP output from a physical switch.)
vSphere Network I/O Control
vSphere Network I/O Control supports the following:
User-defined resource pools
QoS (802.1p) tagging
Pool for VMware vSphere® Replication traffic
(Figure: a distributed switch with a 10GigE uplink, system-defined
resource pools for vSphere vMotion, vSphere Fault Tolerance, vSphere
Replication, management, NFS and iSCSI traffic, and user-defined
resource pools mapped to port groups.)
Configuring System-Defined Network Resource Pools
vSphere Network I/O Control is enabled by default on new distributed
switches and divides traffic into predefined network resource pools.
Traffic is controlled with physical adapter shares and host limits.
User-Defined Network Resource Pools
Create user-defined network resource pools to give critical virtual
machines more network bandwidth than lower priority virtual machines.
QoS (802.1p) Tagging
The QoS priority tag specifies an IEEE 802.1p tag, enabling you to
prioritize network resource pools.
QoS priority tag   Priority      Network traffic characteristics
1                  0 (lowest)    Background
None (0)           1             Best Effort
2                  2             Excellent Effort
3                  3             Critical Applications
4                  4             Video (< 100 ms latency)
5                  5             Voice (< 10 ms latency)
6                  6             Internetwork Control
7                  7 (highest)   Network Control
Creating a User-Defined Network Resource Pool
When you create a user-defined network resource pool, you can modify
the following values:
Host limit in megabits per second
Number of physical adapter shares
QoS priority tag
Adding a Distributed Port Group to a Network Resource Pool
You add a distributed port group to a user-defined network resource
pool to include in the network resource pool all virtual machine
network traffic from that distributed port group.
Traffic Filtering and Marking Policy
vSphere 5.5 supports a traffic filtering and marking policy that
provides the following features:
Protects your virtual network from unwanted traffic and security attacks
Permits and denies specific types of traffic
Applies a QoS tag to mark a certain type of traffic
Is equivalent to the Access Control List (ACL) feature available on
physical switches
The traffic filtering and marking policy is supported on distributed
switches only.
The traffic filtering and marking policy consists of one or more
network traffic rules, defined at the distributed port group or uplink
port group level.
Creating a Network Traffic Rule
A network traffic rule consists
of the following elements:
Action
• Allow
• Drop
• Tag
Traffic direction
• Ingress, Egress, or both
Packet classification
• System traffic qualifier
• MAC qualifier
• IP qualifier
Example of Using a System Traffic Qualifier
This rule, called System Traffic Rule 1, allows incoming and outgoing
virtual machine traffic.
Example of Using a MAC Qualifier
This rule, called Network Traffic Rule 1, allows incoming traffic from
systems on VLAN 32 that are in the MAC address range
00:50:56:00:00:00.
Example of Using an IP Qualifier
This rule, called Network Traffic Rule 2, drops all outgoing ICMP
packets for any IP address (source and destination).
Marking Network Traffic
You can assign priority tags to traffic that has higher networking
requirements for bandwidth, low latency, and so on.
You can mark the traffic with a CoS tag in layer 2 or a DSCP tag in
layer 3.
Marking traffic has the following benefits:
Important traffic can be tagged so that these packets are not dropped
by the physical network during congestion.
End-to-end QoS and SLA requirements can be provided.
Example of Marking Network Traffic
This rule, called Tagging Traffic Rule 1, marks incoming SIP UDP
packets from subnet 192.168.2.0/24.
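The four example rules from the preceding slides (system traffic, MAC,
IP and marking qualifiers), evaluated against constructed packets, as an
added example in Python (not course or VMware code). It assumes
first-match rule ordering, that unmatched traffic is allowed, that a
tag rule allows the packet and attaches a DSCP value (46, chosen here
for the SIP example), that the MAC qualifier is a prefix match on the
00:50:56 range, and that SIP runs on UDP port 5060.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of a distributed port group traffic filtering and marking
# policy. Rules are checked in order and the first match decides; a packet
# matching no rule is allowed; a "tag" rule allows the packet and marks it.
# Added example code, not the distributed switch's implementation.


@dataclass(frozen=True)
class Packet:
    direction: str                  # "ingress" (incoming to the VM) or "egress" (outgoing)
    src_mac: str
    vlan: Optional[int] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    protocol: Optional[str] = None  # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None
    system_traffic: str = "vm"      # "vm", "vmotion", "management", ...


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow", "drop" or "tag"
    direction: str                    # "ingress", "egress" or "both"
    system_traffic: Optional[str] = None  # system traffic qualifier
    mac_prefix: Optional[str] = None      # MAC qualifier, modelled as a prefix (assumption)
    vlan: Optional[int] = None
    src_net: Optional[str] = None         # IP qualifier: source subnet in CIDR form
    protocol: Optional[str] = None
    dst_port: Optional[int] = None
    dscp: Optional[int] = None            # value applied by a "tag" rule


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every qualifier set on the rule must match the packet."""
    if rule.direction != "both" and rule.direction != pkt.direction:
        return False
    if rule.system_traffic is not None and rule.system_traffic != pkt.system_traffic:
        return False
    if rule.mac_prefix is not None and not pkt.src_mac.lower().startswith(rule.mac_prefix.lower()):
        return False
    if rule.vlan is not None and rule.vlan != pkt.vlan:
        return False
    if rule.src_net is not None:
        if pkt.src_ip is None:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src_net):
            return False
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(rules, pkt):
    """Return (verdict, dscp, rule_name) for the first matching rule, or
    ("allow", None, None) when nothing matches."""
    for rule in rules:
        if rule_matches(rule, pkt):
            if rule.action == "tag":
                return ("allow", rule.dscp, rule.name)
            return (rule.action, None, rule.name)
    return ("allow", None, None)


# The slides' four example rules, ordered so that each of them can fire.
POLICY = (
    Rule("Tagging Traffic Rule 1", "tag", "ingress", src_net="192.168.2.0/24",
         protocol="udp", dst_port=5060, dscp=46),              # mark incoming SIP/UDP
    Rule("Network Traffic Rule 2", "drop", "egress", protocol="icmp"),  # drop outgoing ICMP
    Rule("Network Traffic Rule 1", "allow", "ingress", vlan=32, mac_prefix="00:50:56"),
    Rule("System Traffic Rule 1", "allow", "both", system_traffic="vm"),
)
```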
Link Aggregation Control Protocol
LACP is a standards-based (802.3ad) link aggregation method that is
supported on distributed switches.
LACP has the following features:
Enables you to connect ESXi hosts to physical switches that use
dynamic link aggregation
Detects link failures and cabling mistakes
Automatically negotiates link aggregation properties between virtual
and physical switches
You use LACP to increase network bandwidth and redundancy.
Link Aggregation Group
LACP support is provided by using a link aggregation group (LAG).
You create a LAG on a distributed switch to aggregate the bandwidth
of physical NICs on ESXi hosts that are connected to LACP port
channels.
The network traffic is load balanced between the LAG ports.
All load balancing algorithms of LACP are supported by the distributed
switch.
You can use a LAG to handle traffic for a distributed port group by
setting the LAG as active in the group’s teaming and failover order.
You can have multiple LAGs:
64 per ESXi host
64 per distributed switch
LAG Architecture
You configure the same number of ports for a LAG as the number of
ports on the LACP port channels on the physical switch.
(Figure: the distributed switch's uplink port group contains LAG01
with ports Uplink0 and Uplink1, used by the production and test port
groups. On ESXi host 1 and ESXi host 2, the host uplink port groups
hold LAG01 with uplink port 0 and uplink port 1, each pair connected to
an LACP port channel on the physical switch.)
Example of LACP Deployment with Two LAGs
vSphere Distributed Switch configuration:
LAG1 – 2 uplinks; LB algorithm – Source IP
LAG2 – 2 uplinks; LB algorithm – Destination IP
Port group configuration: one port group with Active Link LAG1, the
other with Active Link LAG2.
Physical switch configuration: Switch 1 – LAG1 on ports 1,2;
Switch 2 – LAG2 on ports 1,2.
Network Health Check
The Network Health Check feature detects common configuration errors,
including the following:
Mismatched VLAN trunks between virtual switch and physical switch.
Mismatched MTU setting between the virtual adapter, virtual switch,
physical adapter, and physical switch ports.
Mismatched teaming configurations.
Example of Network Health Check
Virtual network configuration (a VMware vSphere® Distributed Switch™
spanning two ESXi hosts, with two port groups):
Port group configurations: VLAN – 10 and VLAN – 20, MTU – 9000 on
both, Team – Port ID on one and Team – IP hash on the other.
Physical network configuration:
Switch port 1 configuration: VLAN – 10, MTU – 1500, Team – None
Switch port 2 configuration: VLAN – 10, MTU – 9000, Team – None
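The three checks above (VLAN trunk, MTU and teaming) run over the
example configuration, as an added example in Python (not the health
check's own code). It assumes the IP hash policy is the one that requires
a port channel on the physical port, and pairs the slide's port group
settings as VLAN 10 with Port ID and VLAN 20 with IP hash.

```python
from dataclasses import dataclass

# Constructed model of what Network Health Check compares: each distributed
# port group against each physical switch port behind the uplinks. Added
# example code; the sample values reproduce the mismatches on the slide.


@dataclass(frozen=True)
class PortGroup:
    name: str
    vlan: int
    mtu: int
    teaming: str            # "Port ID", "IP hash", ...


@dataclass(frozen=True)
class SwitchPort:
    name: str
    trunk_vlans: frozenset  # VLANs the physical port carries
    mtu: int
    port_channel: bool      # True when the port is bundled in an EtherChannel/LACP group


def check_vlan(pg, sp):
    if pg.vlan not in sp.trunk_vlans:
        return ("VLAN", f"{pg.name} -> {sp.name}: VLAN {pg.vlan} is not trunked on the physical port")
    return None


def check_mtu(pg, sp):
    # Frames sized for the port group MTU are dropped when the physical MTU is smaller.
    if pg.mtu > sp.mtu:
        return ("MTU", f"{pg.name} -> {sp.name}: MTU {pg.mtu} exceeds physical MTU {sp.mtu}")
    return None


def check_teaming(pg, sp):
    # IP hash needs a port channel on the physical side (assumption stated in
    # the lead-in); the other policies need the physical ports NOT bundled.
    needs_channel = pg.teaming == "IP hash"
    if needs_channel != sp.port_channel:
        expected = "a port channel" if needs_channel else "no port channel"
        return ("teaming", f"{pg.name} -> {sp.name}: teaming '{pg.teaming}' expects {expected}")
    return None


def health_check(port_groups, switch_ports):
    """Return (category, message) findings for every port group / port pair."""
    findings = []
    for pg in port_groups:
        for sp in switch_ports:
            for check in (check_vlan, check_mtu, check_teaming):
                finding = check(pg, sp)
                if finding is not None:
                    findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per category for a quick view of the health state."""
    counts = {"VLAN": 0, "MTU": 0, "teaming": 0}
    for category, _ in findings:
        counts[category] += 1
    return counts


# Constructed sample configuration taken from the slide.
PORT_GROUPS = (
    PortGroup("pg-vlan10", vlan=10, mtu=9000, teaming="Port ID"),
    PortGroup("pg-vlan20", vlan=20, mtu=9000, teaming="IP hash"),
)
SWITCH_PORTS = (
    SwitchPort("switch-port-1", trunk_vlans=frozenset({10}), mtu=1500, port_channel=False),
    SwitchPort("switch-port-2", trunk_vlans=frozenset({10}), mtu=9000, port_channel=False),
)
```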
Enabling Health Check
Health Check is available only with VMware vSphere® Web Client.
Health checks can be performed on the following:
VLAN and MTU
Teaming and Failover
Health Check Results Screen
To review results from the health check:
1. Browse to a vSphere distributed switch.
2. Click the Monitor tab and click Health.
The results are displayed at the bottom of the window.
NetFlow
NetFlow:
A network analysis tool for monitoring the network and for gaining
visibility into virtual machine traffic
A tool that can be used for profiling, intrusion detection, networking
forensics, and compliance
Supported on distributed switches only
(Figure: ESXi hosts with a distributed switch enabled for NetFlow send
network flow data to a NetFlow collector.)
Network Flows
A network flow is a unidirectional sequence of packets, with each packet
sharing a common set of properties.
NetFlow captures two types of flows:
Internal flow: Represents intrahost virtual machine traffic
External flow: Represents interhost virtual machine traffic and physical
machine-to-virtual machine traffic
Flow records are sent to a NetFlow collector for analysis.
(Figure: an internal flow between virtual machines on one ESXi host;
external flows between virtual machines on different hosts and between
a physical host and a virtual machine; the distributed switch sends
network flow records to the NetFlow collector.)
Network Flow Analysis
Network flow data is sent to a third-party NetFlow collector, which:
Accepts and stores network flow records
Includes a storage system for long-term storage of flow-based data:
• You can investigate and isolate excessive network bandwidth utilization,
bottlenecks, and unexpected application traffic.
• You can view historical records to diagnose the cause of these outages or
breaches.
Mines, aggregates, and reports on the collected data:
• You can analyze network traffic by rate, volume, and utilization.
• You can analyze trends in virtual machine and host traffic.
(Figure: the distributed switch, VDS IP address 192.168.10.24, sends
network flow records to the NetFlow collector at IP address
172.20.10.100.)
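Flow record aggregation and the two collector-side analyses named on the
preceding slides (internal versus external flows; excessive volume and
unexpected application traffic), as an added example in Python (not
course, VMware or collector code). The VM inventory, packets, allowed
service ports and byte threshold are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed NetFlow-style aggregation: a flow is a unidirectional sequence
# of packets sharing the 5-tuple (src IP, dst IP, protocol, src port, dst port).
# Added example code, not the distributed switch's NetFlow exporter.


@dataclass(frozen=True)
class FlowPacket:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int
    size: int


# Constructed inventory: virtual machine IP -> ESXi host. Addresses not
# listed here belong to physical machines.
VM_HOST = {"10.0.1.11": "esxi01", "10.0.1.12": "esxi01", "10.0.1.21": "esxi02"}


def flow_kind(src_ip, dst_ip):
    """Internal: intrahost VM-to-VM. External: interhost VM-to-VM or
    physical-machine-to-VM traffic."""
    src_host = VM_HOST.get(src_ip)
    dst_host = VM_HOST.get(dst_ip)
    if src_host is not None and src_host == dst_host:
        return "internal"
    return "external"


def build_flow_records(packets):
    """Aggregate packets into unidirectional flow records keyed by 5-tuple."""
    flows = {}
    for p in packets:
        key = (p.src_ip, p.dst_ip, p.proto, p.src_port, p.dst_port)
        rec = flows.setdefault(key, {"kind": flow_kind(p.src_ip, p.dst_ip),
                                     "packets": 0, "bytes": 0})
        rec["packets"] += 1
        rec["bytes"] += p.size
    return flows


def find_unexpected(flows, allowed_services, byte_threshold):
    """Flag flows whose service port (on either end, so replies are covered)
    is not an expected application, or whose volume exceeds the threshold."""
    flagged = []
    for key, rec in flows.items():
        _, _, proto, src_port, dst_port = key
        reasons = []
        if (proto, dst_port) not in allowed_services and (proto, src_port) not in allowed_services:
            reasons.append("unexpected application port")
        if rec["bytes"] > byte_threshold:
            reasons.append("excessive volume")
        if reasons:
            flagged.append((key, reasons))
    return flagged


# Constructed packet capture: an HTTPS exchange between two VMs on esxi01,
# a DNS query from a physical host to a VM on esxi02, and a large transfer
# from a VM on esxi02 to a VM on esxi01 on an unexpected port.
SAMPLE_PACKETS = (
    [FlowPacket("10.0.1.11", "10.0.1.12", "tcp", 51000, 443, 1500)] * 3
    + [FlowPacket("10.0.1.12", "10.0.1.11", "tcp", 443, 51000, 200)] * 3
    + [FlowPacket("192.168.50.5", "10.0.1.21", "udp", 40000, 53, 80)]
    + [FlowPacket("10.0.1.21", "10.0.1.11", "tcp", 40001, 6667, 1400)] * 5
)
ALLOWED_SERVICES = {("tcp", 443), ("udp", 53)}
BYTE_THRESHOLD = 5000
```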
Configuring NetFlow on a Distributed Switch
To configure NetFlow on a distributed switch and enable or disable
NetFlow on a distributed port group, a specific port, or at the uplink:
1. In the Networking inventory view, right-click the distributed switch
and select All vCenter Actions > Edit Netflow.
2. In the Networking inventory view, right-click the port group and
select Edit Settings > Monitoring.
Port Mirroring
Port mirroring is a technology that duplicates network packets from
a source to a destination.
Port mirroring is used for the following:
To assist in troubleshooting
As input for network analysis appliances
Many network switch vendors implement port mirroring in their
products.
vSphere supports port mirroring using RSPAN and ERSPAN.
Configuring a Port Mirroring Session
Right-click a distributed switch
and select Edit Settings.
Port Mirroring Options
Source and Destination Selections
Session type                          Source   Destination
Distributed Port Mirroring            DVPort   DVPort
Remote Mirroring Source               DVPort   Uplink
Remote Mirroring Destination          VLAN     DVPort
Encapsulated Remote Mirroring (L3)    DVPort   IP Address
Distributed Port Mirroring (legacy)   DVPort   DVPort/Uplink
Configuration Backup and Restore
The distributed switch configuration is backed up for deployment,
rollback, and sharing purposes.
Backup can capture the configuration of a distributed switch, a
distributed port group, or both.
The following operations are supported:
Back up the configuration on disk.
Restore the switch and port group configuration from a backup.
Create a new switch or port group from the backup.
Revert to a previous port group configuration after changes are made.
Rollback and Recovery
Rollback prevents the accidental misconfiguration and loss of
connectivity to vCenter Server by rolling back to the previous valid
management network configuration:
By default, rollback is enabled.
Provides two options to recover from management network
misconfigurations:
Automatic rollback if misconfiguration is detected.
Direct Console User Interface (DCUI) to recover the management
network.
If automatic rollback is disabled, DCUI provides an easy way for the
user to connect directly to the host and fix networking configuration
on the host switch.
The user can fix the distributed switch properties directly on the host
through DCUI.
Rollback Details
Two kinds of update trigger rollback:
Host level rollback:
• Triggered when there is a change in the host networking configurations,
such as a physical NIC speed change, change in MTU configuration, or
change in IP settings.
Distributed switch level rollback:
• Occurs after the user updates distributed switch related objects, such as
port group or distributed ports.
Automatic Rollback
Automatic Rollback:
Enabled by default
To disable, set
config.vpxd.network.rollback
to false in advanced settings.
Recovery through DCUI
DCUI Recovery:
If automatic rollback is
disabled, recovery can be
performed on the DCUI.
DCUI recovery must be
performed on a per host basis.
Lab 4: Port Mirroring
Configure and use port mirroring to capture network traffic
1. Prepare for the Lab
2. Back Up the Distributed Switch Configuration
3. Prepare to Capture Mirrored Network Traffic
4. Configure Port Mirroring on the Distributed Switch
5. Capture Traffic Using Port Mirroring
6. Restore the Distributed Switch Configuration
7. Clean Up for the Next Lab
Review of Learner Objectives
You should be able to meet the following objectives:
Describe distributed switch port binding
Explain how private VLANs work
Describe types of discovery protocols
Describe how vSphere Network I/O Control and QoS tagging enhance
performance
Describe how Link Aggregation Control Protocol (LACP) enhances
availability and performance
Explain health check
Configure NetFlow on a distributed switch
Configure port mirroring on a distributed switch
Back up and restore a distributed switch configuration
Explain the automatic rollback and recovery of networking
configurations
Key Points
A distributed switch provides functions that are similar to a standard
switch. But the distributed switch defines a single configuration that
is shared across all associated hosts.
Port binding determines when and how a virtual machine’s vNIC is
assigned to a virtual switch port.
Private VLANs are an extension to the VLAN standard. A private VLAN
segments a single VLAN into secondary private VLANs.
vSphere Network I/O Control enables different types of traffic on a
distributed switch to be identified and managed via limits and shares.
The use of LACP increases network bandwidth and redundancy.
You can prioritize traffic by using a QoS priority tag or a DSCP tag,
or both.
Distributed switches support the use of network troubleshooting and
analysis tools, specifically, NetFlow and port mirroring.
Distributed switch and distributed port group configurations can be
backed up and restored.
Questions?